Intelligent mobile malware detection using permission requests and API calls

Alazab, Moutaz; Alazab, Mamoun; Shalaginov, Andrii; Mesleh, Abdelwadood; Awajan, Albara

doi:10.1016/j.future.2020.02.002

Cited by 183 publications

(105 citation statements)

References 33 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…In this study, novel feature sets (10,25,50,100,200, 300, 500, 1000, 3000, 5000, 7000, and 9000) were analyzed for effective malware detection. Two feature-selection algorithms (Chi-Square and ANOVA) and ten classification algorithms (Naïve Bayes, k-NN, Random Forest, J48, SMO, Logistic Regressions, AdaBoost-decision stump model, Random Committee, JRip, and Simple Logistics) were studied.…”

Section: Resultsmentioning

confidence: 99%

“…Second, the proposed system relies on the information derived from the source code to recognize malicious applications by retrieving the prominent application programming interface (API) calls requested by the malware. Numerous studies [9][10][11][12][13][14][15][16] have suggested that API calls can indicate malicious behavior and provide a detailed evaluation of the applications under investigation. Third, Term Frequency-Inverse Document Frequency (TF-IDF) was employed as a feature-weighting technique to reduce the importance of commonly requested features and increase the importance of rarely requested features.…”

Section: )mentioning

confidence: 99%

See 1 more Smart Citation

Automated Malware Detection in Mobile App Stores Based on Robust Feature Generation

Alazab

2020

Electronics

Self Cite

View full text Add to dashboard Cite

Many Internet of Things (IoT) services are currently tracked and regulated via mobile devices, making them vulnerable to privacy attacks and exploitation by various malicious applications. Current solutions are unable to keep pace with the rapid growth of malware and are limited by low detection accuracy, long discovery time, complex implementation, and high computational costs associated with the processor speed, power, and memory. Therefore, an automated intelligence technique is necessary for detecting apps containing malware and effectively predicting cyberattacks in mobile marketplaces. In this study, a system for classifying mobile marketplaces applications using real-world datasets is proposed, which analyzes the source code to identify malicious apps. A rich feature set of application programming interface (API) calls is proposed to capture the regularities in apps containing malicious content. Two feature-selection methods—Chi-Square and ANOVA—were examined in conjunction with ten supervised machine-learning algorithms. The detection accuracy of each classifier was evaluated to identify the most reliable classifier for malware detection using various feature sets. Chi-Square was found to have a higher detection accuracy as compared to ANOVA. The proposed system achieved a detection accuracy of 98.1% with a classification time of 1.22 s. Furthermore, the proposed system required a reduced number of API calls (500 instead of 9000) to be incorporated as features.

show abstract

Section: Resultsmentioning

confidence: 99%

Section: )mentioning

confidence: 99%

Automated Malware Detection in Mobile App Stores Based on Robust Feature Generation

Alazab

2020

Electronics

Self Cite

View full text Add to dashboard Cite

show abstract

“…is called dynamic analysis. Before executing the malware sample, the appropriate monitoring tools like Process Monitor [13] and Capture BAT [14] (for file system and registry monitoring), Process Explorer [15] and Process Hackerreplace [16] (for process monitoring), Wireshark [17] (for network monitoring) and Regshot [18] (for system change detection) are installed and activated. Various techniques that can be applied to perform dynamic analysis include function call monitoring, function parameter analysis, information flow tracking, instruction traces and autostart extensibility points etc.…”

Section: Dynamic Analysismentioning

confidence: 99%

“…Few recent studies have been done on static and dynamic analysis of Android malware [11], detection using permission [12][13][14], based on system call sequences and LSTM [15].…”

mentioning

confidence: 99%

A Survey on Malware Detection and Analysis Tools

Talukder¹,

Talukder²

2020

IJNSA

View full text Add to dashboard Cite

The huge amounts of data and information that need to be analyzed for possible malicious intent are one of the big and significant challenges that the Web faces today. Malicious software, also referred to as malware developed by attackers, is polymorphic and metamorphic in nature which can modify the code as it spreads. In addition, the diversity and volume of their variants severely undermine the effectiveness of traditional defenses that typically use signature-based techniques and are unable to detect malicious executables previously unknown. Malware family variants share typical patterns of behavior that indicate their origin and purpose. The behavioral trends observed either statically or dynamically can be manipulated by using machine learning techniques to identify and classify unknown malware into their established families. This survey paper gives an overview of the malware detection and analysis techniques and tools.

show abstract

“…The number of applications has significantly increased from one million in 2013 to about 2.900.000 applications [3] making Google Play a rich place where people can satisfied their needs. Despites Google Play Protect which is exploited for threat protection, there are still malicious applications carefully designed by bad people to impact on user security and privacy [4,5]. Therefore, an urgent need is to develop effective solutions to identify malware.…”

Section: Introductionmentioning

confidence: 99%

A Security-Related Reputation Scheme of Android Apps Based on NLP Analysis of Comments

Tchakounté¹,

Pagore²,

Atemkeng³

et al. 2020

Preprint

View full text Add to dashboard Cite

Comments are exploited by product vendors to measure satisfaction of consumers. With the advent of Natural Language Processing (NLP), comments on Google Play can be processed to extract knowledge on applications such as their reputation. Proposals in that direction are either informal or interested merely on functionality. Unlike, this work aims to determine reputation of Android applications in terms of confidentiality, integrity, availability and authentication (CIAA). This work proposes a model of assessing app reputation relying on sentiment analysis and text analysis of comments. While assuming that comments are reliable, we collect Google Play applications subject to comments which include security keywords. An in-depth analysis of keywords based on Naive Bayes classification is made to provide polarity of any comment. Based on comment polarity, reputation is evaluated for the whole application. Experiments made on real applications including dozens to billions of comments, reveal that developers lack to make efforts to guarantee CIAA services. A fine-grained analysis shows that not security reputed applications can be reputed in specific CIAA services. Results also show that applications with negative security polarities display in general positive functional polarities. This result suggests that security checking should include careful comment analysis to improve security of applications.

show abstract

Intelligent mobile malware detection using permission requests and API calls

Cited by 183 publications

References 33 publications

Automated Malware Detection in Mobile App Stores Based on Robust Feature Generation

Automated Malware Detection in Mobile App Stores Based on Robust Feature Generation

A Survey on Malware Detection and Analysis Tools

A Security-Related Reputation Scheme of Android Apps Based on NLP Analysis of Comments

Contact Info

Product

Resources

About